Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@or2008/embed
Advanced tools
Provides Block tool for embedded content for the Editor.js. Tool uses Editor.js pasted patterns handling and inserts iframe with embedded content.
Get the package
npm i --save-dev @editorjs/embed
Include module at your application
const Embed = require('@editorjs/embed');
dist
from repositorydist/bundle.js
file to your page.You can load specific version of package from jsDelivr CDN.
https://cdn.jsdelivr.net/npm/@editorjs/embed@latest
Then require this script on page with Editor.js.
<script src="..."></script>
Add a new Tool to the tools
property of the Editor.js initial config.
var editor = EditorJS({
...
tools: {
...
embed: Embed,
},
...
});
Embed Tool supports some services by default (see the full list here). You can specify services you would like to use:
var editor = EditorJS({
...
tools: {
...
embed: {
class: Embed,
config: {
services: {
youtube: true,
coub: true
}
}
},
},
...
});
Note that if you pass services you want to use like in the example above, others will not be enabled.
Also you can provide your own services using simple configuration.
First of all you should create a Service configuration object. It contains following fields:
Field | Type | Description |
---|---|---|
regex | RegExp | Pattern of pasted URLs. You should use regexp groups to extract resource id |
embedUrl | string | Url of resource`s embed page. Use <%= remote_id %> to substitute resource identifier |
html | string | HTML code of iframe with embedded content. embedUrl will be set as iframe src |
height | number | Optional. Height of inserted iframe |
width | number | Optional. Width of inserted iframe |
id | Function | Optional. If your id is complex you can provide function to make the id from extraced regexp groups |
Example:
{
regex: /https?:\/\/codepen.io\/([^\/\?\&]*)\/pen\/([^\/\?\&]*)/,
embedUrl: 'https://codepen.io/<%= remote_id %>?height=300&theme-id=0&default-tab=css,result&embed-version=2',
html: "<iframe height='300' scrolling='no' frameborder='no' allowtransparency='true' allowfullscreen='true' style='width: 100%;'></iframe>",
height: 300,
width: 600,
id: (groups) => groups.join('/embed/')
}
When you create a Service configuration object, you can provide it with Tool`s configuration:
var editor = EditorJS({
...
tools: {
...
embed: {
class: Embed,
config: {
services: {
youtube: true,
coub: true,
codepen: {
regex: /https?:\/\/codepen.io\/([^\/\?\&]*)\/pen\/([^\/\?\&]*)/,
embedUrl: 'https://codepen.io/<%= remote_id %>?height=300&theme-id=0&default-tab=css,result&embed-version=2',
html: "<iframe height='300' scrolling='no' frameborder='no' allowtransparency='true' allowfullscreen='true' style='width: 100%;'></iframe>",
height: 300,
width: 600,
id: (groups) => groups.join('/embed/')
}
}
}
},
},
...
});
Editor.js provides useful inline toolbar. You can allow it`s usage in the Embed Tool caption by providing inlineToolbar: true
.
var editor = EditorJS({
...
tools: {
...
embed: {
class: Embed,
inlineToolbar: true
},
},
...
});
Field | Type | Description |
---|---|---|
service | string | service unique name |
source | string | source URL |
embed | string | URL for source embed page |
width | number | embedded content width |
height | number | embedded content height |
caption | string | content caption |
{
"type" : "embed",
"data" : {
"service" : "coub",
"source" : "https://coub.com/view/1czcdf",
"embed" : "https://coub.com/embed/1czcdf",
"width" : 580,
"height" : 320,
"caption" : "My Life"
}
}
FAQs
Embed Tool for Editor.js
We found that @or2008/embed demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.